authorAlan Pearce2024-12-30 16:20:45 +0100
committerAlan Pearce2024-12-30 16:20:45 +0100
commit74fd4225f6814bf55a827eea120bf0d8b88c2730 (patch)
tree7bebde28877b2e59c74cfe9419d6e56c8a44c886 /system
parentb1f32ed3ab06f524eceb6126e98e581b82b30534 (diff)
linde: use sqlite3 for dex storage instead of etcd
Diffstat (limited to 'system')
-rw-r--r--system/linde.nix35
1 files changed, 18 insertions, 17 deletions
diff --git a/system/linde.nix b/system/linde.nix
index 56a7b1bd..fe9497e7 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -972,15 +972,13 @@ in
       };
     };
 
-  services.etcd = {
-    enable = true;
-    initialClusterState = "existing";
-    dataDir = "/var/lib/etcd"; # TODO backup
-    extraConf = {
-      AUTO_COMPACTION_RETENTION = "1h";
-    };
+  users.users.dex = {
+    home = "/var/lib/dex";
+    createHome = true;
+    isSystemUser = true;
+    group = "dex";
   };
-
+  users.groups.dex = { };
   services.dex =
     let
       issuer = "https://id.alanpearce.eu/";
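Review bot: The new dex user's home is created by `createHome = true` with whatever mode NixOS applies by default (I recall `homeMode` defaults to "700", but that is not visible here); since this directory will hold the sqlite store that replaces etcd, it is worth pinning the mode explicitly with `homeMode = "700";` so a later default change cannot make it group- or world-readable. What dex keeps in its store is not shown in this diff, but it is presumably sensitive (client secrets, tokens, possibly signing keys), so the permission should be stated rather than inherited. The removed etcd block also carried a `# TODO backup` reminder that has no counterpart on the new side; the same concern now applies to the sqlite file.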
@@ -991,11 +989,8 @@ in
       settings = {
         inherit issuer;
         storage = {
-          type = "etcd";
-          config = {
-            endpoints = config.services.etcd.listenClientUrls;
-            namespace = "dex/";
-          };
+          type = "sqlite3";
+          config.file = "/var/lib/dex/storage.sqlite";
         };
         web.http = "127.0.0.1:5556";
         connectors = [{
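Review bot: The storage path `/var/lib/dex/storage.sqlite` is a hard-coded copy of the home directory set on the dex user, while the service's `ReadWritePaths` later reads that directory from `config.users.users.dex.home`; if one is changed without the other, dex will fail to open its store at runtime. Deriving the path from the same source keeps them in sync: `config.file = "${config.users.users.dex.home}/storage.sqlite";`. A backup note also belongs here now that state lives in a single file, e.g. `# TODO backup: use sqlite3 .backup rather than a raw copy while dex is running`, since copying a live sqlite database can capture an inconsistent state.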
@@ -1023,10 +1018,16 @@ in
         ];
       };
     };
-  systemd.services.dex.unitConfig = {
-    After = [ "etcd.service" ];
-    Requires = [ "etcd.service" ];
-  };
+  systemd.services.dex.serviceConfig =
+    let
+      user = config.users.users.dex;
+    in
+    {
+      ReadWritePaths = [ user.home ];
+      DynamicUser = lib.mkForce false;
+      User = user.name;
+      Group = user.group;
+    };
 
   services.redis = {
     servers = {
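Review bot: Forcing `DynamicUser` off removes more than the dynamic UID: per systemd.exec(5), `DynamicUser=yes` implies `ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp=yes`, `RemoveIPC=yes` and `NoNewPrivileges=yes`, and `ReadWritePaths` only has an effect when a `ProtectSystem` setting is in place. Whether the NixOS dex module sets any of these explicitly is not visible in this hunk, so unless it does, the new serviceConfig leaves dex with a persistent user and a wider filesystem view than the unit had before. Restoring the implied hardening alongside the static user keeps the sandbox equivalent; an alternative worth considering is keeping `DynamicUser` and using `StateDirectory = "dex";`, which gives a persistent, correctly owned `/var/lib/dex` without a static account, though that would need checking against how the module wires the user in.

```nix
    {
      ReadWritePaths = [ user.home ];
      DynamicUser = lib.mkForce false;
      User = user.name;
      Group = user.group;
      # DynamicUser=yes implied these; restate them now that it is forced off
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      RemoveIPC = true;
      NoNewPrivileges = true;
    };
```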